Re: "On access" anti-spyware protection.

Hi Oldsod,

This might be off topic - but I've been using the ultimate abandonware -
A PC emulator for the Digital Equipment Corporation Dec-10 mainframe
(which I used back in college in 1983). It ran TOPS-10 which I feel is the best OS ever created.

The free hardware emulator runs on Windows, and emulates the hardware of the original PDP-10 from DEC,
which runs the original Tops-10 OS and genuine Pascal, Fortran, Lisp, APL compilers which I learned
computer science on.

Not sure if you're old enough to have worked on these old mainframes, but they were the best computers
I've ever used. I don't think any malware could attack a 36 bit OS like Tops-10 running on a Windows hardware
emulator.

Re: "On access" anti-spyware protection.

LOL, that is old. Does this old OS have a browser or any internet capability? Can it even send email? There probably is little, if any, viruses and malware written for an OS such as that one.

My approach is to use Knoppix or Ubuntu from a boot disk and run Linux from the CD/DVD drive. It basically uses just the memory of the PC - which is cleaned when the PC turns off. Great for the wild wild web to get risky downloads. I can and often do surf the wild wild web with the Windows, but why take the extra risks?

Re: "On access" anti-spyware protection.

Hi WATCHER.

Do you trial different fw to see how things work? Or to see how they do in leaktests or how they can be tuned/tightened to pass leaktests? It is interesting to do this and educational at the same time.

Re: "On access" anti-spyware protection.

Hi Oldsod,

No, Tops-10 didn't have a browser or internet access (not the fault of the OS - back in the mid 1980's the internet didn't exist).

I like your idea of booting off of Linux from a CD, and browsing from that. If you get infected, a simple reboot will fix it.
I was thinking about installing 64 bit Debian Linux as a dual boot, so I can use Apache Web server.
Do you know if Zone Alarm makes security products for Linux?

Re: "On access" anti-spyware protection.

ZA is just for Windows. Sorry.

But there are many firewalls for Linux.

Actually, with the large number of PCs on your home LAN, a dedicated Linux firewall box would be ideal. The PC with the server could be easily fitted in. All it takes is a spare machine that is not needed (or buy an old PC just for the firewall).

It would offer excellent logging of all traffic, time/date use restrictions as per PC, port control, SPI, IP blacklist (or whitelist or both), dedicated email server or all directing email to a dedicated email server for the LAN users, possible antivirus scanning of all http/https traffic, email scanning by an antivirus, possible web filtering (ActiveX, JavaScript, etc.) and a few more features. Some are plain - they would not have all of these features, but some are very advanced and would have all of these features.

Plus with an extra router, a "dual homed" network is possible. This would allow for certain PCs to be isolated from the other PCs - high risk PCs could not contact the safe PCs on the LAN, but both could be set to reach the email server and the internet.

Re: "On access" anti-spyware protection.

Dear Oldsod:

I've been testing antispyware lately for my own knowledge. I use screenshots to document the user interface, Task Manager to evaluate their RAM usage, Add or Remove Programs to see how large their installation footprint is, and services.msc to see if they load a service. I test certain features to make sure they work OK. However, I look for tests from qualified sites to determine effectiveness of the software in detection and removal of spyware, as I don't have the capacity to do that myself now. Sure, you could copy a few spyware programs, PUPs, and some hacker software to your computer to see if they are detected and removed, but the tests run by 3rd-party firms are much larger in scale and therefore more accurate.
Of course, you must look at who is running the tests and that there is no conflict of interest.

As for firewalls, I've tested a few personal firewalls recently (Agnitum **bleep** Pro and **bleep** Firewall Pro). The trouble with firewalls is that they require a reboot at the end of installation so they can load at startup. The computers at school that I'm using have Faronics Deep Freeze which will remove the installation on reboot. I was using a computer lab where they didn't have this security software on but it is now closed for the summer. I just see if they work without causing any problems on the computer. Someday, if I can get 2 computers, and the space for it, to test firewalls, I would use remote software like Nessus, Nmap, and Ethereal to test the firewall's capabilities. After that, you could actually attack your home test network with hacker tools to see how well the firewall works. You can't use any of this software legally on a network you don't own. I've used it at school but only after getting permission from an instructor and then only on the subnet that the lab used and I always explained to him what I would be doing. Leak tests are simple tests for RATs but legal for anyone to use as you are testing your own computer.